[Freeipa-devel] [PATCHES] 0552-0554 Upgrading write permissions
Simo Sorce
ssorce at redhat.com
Wed May 28 14:50:03 UTC 2014
On Wed, 2014-05-28 at 16:27 +0200, Petr Viktorin wrote:
> Simo, I hazily remember discussing that we should only allow specific
> attributes on add, otherwise users can add entries with any extra
> objectclasses and attributes. Did we come to a conclusion?
> I might have confused targetattr with targetattrfilter in my notes;
> since I see targetarr is ineffective.
>
Yes we need to restrict at least the allowed objectclasses I think.
Simo.
More information about the Freeipa-devel
mailing list